Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
The Almighty Buck

Hackers Hijack DNS For Lumens Cryptocurrency Site 'BlackWallet', Steal $400,000 (bleepingcomputer.com) 95

An anonymous reader quotes BleepingComputer: Unknown hackers (or hacker) have hijacked the DNS server for BlackWallet.co, a web-based wallet application for the Stellar Lumen cryptocurrency (XLM), and have stolen over $400,000 from users' accounts. The attack happened late Saturday afternoon (UTC timezone), January 13, when the attackers hijacked the DNS entry of the BlackWallet.co domain and redirected it to their own server. "The DNS hijack of Blackwallet injected code," said Kevin Beaumont, a security researcher who analyzed the code before the BlackWallet team regained access over their domain and took down the site. "If you had over 20 Lumens it pushes them to a different wallet," Beaumont added...

According to Bleeping Computer's calculations, as of writing, the attacker collected 669,920 Lumens, which is about $400,192 at the current XML/USD exchange rate. The BlackWallet team and other XLM owners have tried to warn users via alerts on Reddit, Twitter, GitHub, the Stellar Community and GalacticTalk forums, but to no avail, as users continued to log into the rogue BlackWallet.co domain, enter their credentials, and then see funds mysteriously vanish from their wallets.

This discussion has been archived. No new comments can be posted.

Hackers Hijack DNS For Lumens Cryptocurrency Site 'BlackWallet', Steal $400,000

Comments Filter:
  • by Anonymous Coward

    "at the current XML/USD exchange rate"

    Microsoft's going to be happy with their XML (ab)use!

  • by Anonymous Coward

    Unless he finds a bigger fool to sell it too before the bubble bursts.

    Yes I am sad I didn't get in on this bubble at the beginning but not that sad. Let's face it: Bitcoin is no longer behaving like a currency. It's now a speculative game like tulips.

    Alas I am late to this game and you should never enter a market when it looks like the bubble is about to burst.

    Not that sad anyway because it's a gamble. If you're kicking yourself for missing the Bitcoin bubble why not invest in some other cryptocurrency now?

    • Unless he finds a bigger fool to sell it too before the bubble bursts.

      Yes I am sad I didn't get in on this bubble at the beginning but not that sad. Let's face it: Bitcoin is no longer behaving like a currency. It's now a speculative game like tulips.

      Alas I am late to this game and you should never enter a market when it looks like the bubble is about to burst. Not that sad anyway because it's a gamble. If you're kicking yourself for missing the Bitcoin bubble why not invest in some other cryptocurrency now? Yeah. I thought so.

      And the best time to buy into real estate was always 20 years ago.

  • Any bets? (Score:2, Interesting)

    by cold fjord ( 826450 )

    Any bets this is who is behind it?

    Kim Digs for Cybercrime Coin Sanctions Can’t Snatch [thecipherbrief.com]

    And is that leading to this?

    South Korea plans to ban cryptocurrency trading, rattles market [reuters.com]

    • the payoff for this is just too small to be worth their effort. personally I would hazard a bet at either an inside job or a lone individual. The risks vs payoff are just to small for the more significant parties to be involved.
      • Oh, I don't know about that. $400,000 isn't exactly chump change. Besides . . .

        U.S. blames North Korea for 'WannaCry' cyber attack [reuters.com]

        • WannaCry was hugely disruptive, this by comparison is a blip that affected almost nobody. It also is only 400k PRIOR to laundering, the process of laundering and extracting that money will take a huge chunk out of it.
          • The point of both was to obtain money. $400,000 is a pretty good haul for limited work. What do you think the average take was for wannacry? I doubt it was $400,000. I doubt laundering it will be a big challenge for North Korea, North Korea is a criminal enterprise in itself. It is possible they won't have to do much if they plug it back into criminal activity on the dark web.

      • by rtb61 ( 674572 )

        Let's be honest, it is all about dishonesty. What is the nature of the current cryptocurrency market, it's dishonesty, about cheating taxes, about ponzi scheme, it's about funding criminal operations, not all of it but well and truly sufficient of it to attract criminals to it in droves. That means criminal investors, criminal business and criminal employees. With regard to fraud in that environment, look not further than it's own members. First suspect in all cryptocurrency frauds, have to be it's employee

      • the payoff for this is just too small to be worth their effort.

        $400,000 buys a lot of cheese [newsweek.com].

  • The BlackWallet team and other XLM owners have tried to warn users via alerts on Reddit, Twitter, GitHub, the Stellar Community and GalacticTalk forums

    Reddit, Twitter, GitHub and the GalacticTalk forums? OMG, how did I miss this important information?

  • No worries... (Score:5, Insightful)

    by supremebob ( 574732 ) <themejunky@nospAm.geocities.com> on Sunday January 14, 2018 @11:52PM (#55929425) Journal

    You can just call their bank and ask them to refund the fraudulent transfer... no?

    Ok, how about filing an FDIC insurance cla... nope?

    Ok, how about calling the police and having them start an invest... wait, they laughed at you over the phone? Well, that's just mean.

    Maybe they can contact their local attorney and... they don't want to take the case because they can't even find the correct plantiff? Damn.

    Well. fuck. Maybe this cryptocurrency fad isn't as great as they made it sound on Reddit.

    • Or ... Twitter, GitHub, the Stellar Community and GalacticTalk forums ...

    • by euxneks ( 516538 )
      This is exactly like if you stored cash at somebody else's house and they got robbed. Do they have insurance? Did they say they would cover any theft of your money? If not, you're probably SOL.
  • So with most crypto currencies having a public, distributed ledger, how do thieves expect to pass off their stolen crypto coins? The ledger would clearly show any transfers to other wallets, would it not? So theoretically could the thieves be "id'd" in some fashion when they try to sell the coins to other users? I realize the ids are just hashes, but still if the exchanges have backups, they should be able to at least identify the stolen wallet ids, wouldn't they? While it might not be able to prevent t

    • by mentil ( 1748130 )

      It's completely possible to:
      a) steal cryptocurrency
      b) sit on it
      c) wait for statute of limitations for relevant crimes to run out
      d) then transfer it safely, knowing noone is paying attention any more or can do anything. if you stole enough, it's POSSIBLE the blockchain would get forked just to spite you... but probably not

      I wonder how many thieves have made a fortune doing this, by virtue of the cryptocurrency exploding in value after the theft

  • The title says it all. My Siacoins are in my local wallet and it's like 4GB of data to hold the entire blockchain. Stop being lazy, people!

"If it's not loud, it doesn't work!" -- Blank Reg, from "Max Headroom"

Working...